nuget

JUL

应用商店、包管理……每天都会使用的东西有什么开发难度？

现代软件开发中，应用商店和包管理是我们每天都会使用的东西。然而，这背后隐藏着许多开发难题。安装一个包可能涉及到多个依赖关系，而这些依赖关系构成了一个有向无环图。基本需求包括避免重复安装相同的依赖、包与包之间的隔离、升级和降级的允许性、查询包的来源和版本等。全局包管理器如APT、yum和pacman可以解决这些问题，但是无法解决依赖冲突和破坏性的升级降级问题。分治思想将大问题拆分成小问题，例如将应用拆分成微服务，但是会带来包的重复安装和磁盘空间占用的问题。Nix是一个函数式的包管理器，通过不可变性和平坦的包存储解决了依赖冲突和包的隔离问题。Nuget则采用动态链接的方式解决依赖冲突。其他包管理工具如winget、snap和flatpak也有各自的解决方案。然而，包管理实际上没有万能解决方案，目前主流的做法是结合Monolithic的包管理、Docker和虚拟机来解决依赖冲突问题。虽然应用商店给我们带来了便利，但是背后的复杂性是巨大的。当我们开始自己分发软件时，才会意识到这个世界并不是那么简单。--GPT 4

JUL

Use your own cert to sign your package to identify your code identity.

This blog post offers a comprehensive guide on using a digital certificate to sign code and establish identity in the digital world. It first explains the concept of digital certificates, which are split into public and private keys. The public key is made available online for others to trust, while the private key is used to sign content. The post further elaborates on the subject and friendly name fields in a digital certificate. The subject field contains identity verification information, while the friendly name is an optional field used for easier identification and management of the certificate. For HTTPS certificates, the subject field typically includes the domain name or hostname of the certificate holder, which is crucial for ensuring secure communication. The blog then provides a step-by-step guide on generating a self-signed certificate and obtaining the private key. It also explains how to make the public key trusted by others. By generating a self-signed certificate and...--GPT 4

C# Certificate .NET Windows Sign Digicert Code Sign Signature nuget

Anduin's Tech Blog

应用商店、包管理……每天都会使用的东西有什么开发难度？

Use your own cert to sign your package to identify your code identity.